-
Notifications
You must be signed in to change notification settings - Fork 3.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
aws-cdk-codepipeline: InvokeLambdaAction #29
Conversation
1. Accepts a `LambdaRef` instead of function name 2. Add `lambda:ListFunctions` and `lambda:InvokeFunction` to pipeline role. 3. Add `codepipeline:PutJobXxxResult` to Lambda role. In order to avoid the cyclic dependency: Pipeline => Lambda Lambda => Role Role => Pipeline We follow the recommendation in the [CodePipeline docs][1] and use a "*" resource for `codepipeline:PutJobXxxResult` for the Lambda execution policy. [1]: https://docs.aws.amazon.com/codepipeline/latest/userguide/actions-invoke-lambda-function.html BREAKING CHANGE: - The `DefaultBounds` function is no longer exported. - `GitHubSourceProps.oathToken` spelling fixed to `oauthToken` - `BuildAction` now takes an `inputArtifact` instead of `source` (allows using these actions for arbitrary activity within a pipeline). - `InvokeLambdaProps` takes `lambda` instead of `functionName`. - `InvokeLambda` renamed to `InvokeLambdaAction`
* the pipeline. | ||
* | ||
* @see | ||
* https://docs.aws.amazon.com/codepipeline/latest/userguide/actions-invoke-lambda-function.html#actions-invoke-lambda-function-create-function |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Would put the URL on the same line as the @see
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I get yelled at by tslint 😢 and I don't like to constantly disable those rules.
* @see | ||
* https://docs.aws.amazon.com/codepipeline/latest/userguide/actions-invoke-lambda-function.html#actions-invoke-lambda-function-create-function | ||
* | ||
* @default true |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just a though -- that default is slightly awkward (because undefined is false
y). But whatever.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think it's perfectly fine to have defaults that default to true
. At least, better than negative keywords (dontAddPutJobResultPolicy
? ugh)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Definitely. Hence the whatever.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, @rix0rrr convinced me of this when we formalized the design guidelines, and I am convert now.
Don't think that is the reason. We don't actually have a cyclic dependency, because we'd just use an
I think the reason is just that CodePipeline doesn't actually support ARNs in IAM policies! 🙀 |
@rix0rrr good point about the cyclic dependency. Let me re-check if there's something I missed. |
LambdaRef
instead of function namelambda:ListFunctions
andlambda:InvokeFunction
to pipeline role.codepipeline:PutJobXxxResult
to Lambda role.In order to avoid the cyclic dependency:
We follow the recommendation in the CodePipeline docs
and use a "*" resource for
codepipeline:PutJobXxxResult
for the Lambda execution policy.
BREAKING CHANGE:
DefaultBounds
function is no longer exported.GitHubSourceProps.oathToken
spelling fixed tooauthToken
BuildAction
now takes aninputArtifact
instead ofsource
(allowsusing these actions for arbitrary activity within a pipeline).
InvokeLambdaProps
takeslambda
instead offunctionName
.InvokeLambda
renamed toInvokeLambdaAction
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.